dhanhq

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's docs and workflows explicitly instruct the agent to fetch and parse public web data — e.g., ScanX pages (references/scanx-data.md instructs fetching https://scanx.trade/company/{slug}) and the Dhan security master CSV (references/instruments.md points to https://images.dhan.co/api-data/api-scrip-master.csv) — and then use that extracted third‑party data to drive analysis and trading actions, so untrusted public content can materially influence decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a broker SDK for Dhan (Indian exchanges) with dedicated methods for placing, modifying, cancelling, and streaming orders (e.g., dhan.place_order(), dhan.modify_order(), dhan.cancel_order(), place_super_order(), place_forever(), dhan.kill_switch()). It documents order types (MARKET/LIMIT), product types, fund limits, margin checks, rate limits for Order APIs, and account/access pre-checks required for live execution. These are specific, purpose-built financial-execution capabilities (market orders / trade execution), not generic tooling. Therefore it grants direct financial execution authority.